glenux-archive/cloutier--bird.makeup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

ensure valide username pattern, fix #75

Browse source
This commit is contained in:
Nicolas Constant 2021-01-30 01:28:20 -05:00
parent 10c1da4a34
commit 52e2868deb
No known key found for this signature in database
GPG key ID: 1E9F677FB01A5688
2 changed files with 16 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/BirdsiteLive/Controllers/UsersController.cs
View file

@ -4,6 +4,7 @@ using System.IO;
using System.Linq; using System.Linq;
using System.Net.Mime; using System.Net.Mime;
using System.Runtime.InteropServices.WindowsRuntime; using System.Runtime.InteropServices.WindowsRuntime;
using System.Text.RegularExpressions;
using System.Threading; using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
using BirdsiteLive.ActivityPub; using BirdsiteLive.ActivityPub;
@ -12,6 +13,7 @@ using BirdsiteLive.Common.Settings;
using BirdsiteLive.Domain; using BirdsiteLive.Domain;
using BirdsiteLive.Models; using BirdsiteLive.Models;
using BirdsiteLive.Twitter; using BirdsiteLive.Twitter;
using BirdsiteLive.Twitter.Models;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Primitives; using Microsoft.Extensions.Primitives;
@ -26,6 +28,7 @@ namespace BirdsiteLive.Controllers
private readonly IUserService _userService; private readonly IUserService _userService;
private readonly IStatusService _statusService; private readonly IStatusService _statusService;
private readonly InstanceSettings _instanceSettings; private readonly InstanceSettings _instanceSettings;
private readonly Regex _twitterAccountRegex = new Regex(@"^[a-zA-Z0-9_]+$");
#region Ctor #region Ctor
public UsersController(ITwitterUserService twitterUserService, IUserService userService, IStatusService statusService, InstanceSettings instanceSettings, ITwitterTweetsService twitterTweetService) public UsersController(ITwitterUserService twitterUserService, IUserService userService, IStatusService statusService, InstanceSettings instanceSettings, ITwitterTweetsService twitterTweetService)
@ -55,7 +58,12 @@ namespace BirdsiteLive.Controllers
public IActionResult Index(string id) public IActionResult Index(string id)
{ {
id = id.Trim(new[] { ' ', '@' }).ToLowerInvariant(); id = id.Trim(new[] { ' ', '@' }).ToLowerInvariant();
var user = _twitterUserService.GetUser(id);
// Ensure valid username
// https://help.twitter.com/en/managing-your-account/twitter-username-rules
TwitterUser user = null;
if (!string.IsNullOrWhiteSpace(id) && _twitterAccountRegex.IsMatch(id) && id.Length <= 15)
user = _twitterUserService.GetUser(id);
var acceptHeaders = Request.Headers["Accept"]; var acceptHeaders = Request.Headers["Accept"];
if (acceptHeaders.Any()) if (acceptHeaders.Any())

7
src/BirdsiteLive/Controllers/WellKnownController.cs
View file

@ -1,6 +1,7 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Text.RegularExpressions;
using System.Threading.Tasks; using System.Threading.Tasks;
using BirdsiteLive.ActivityPub.Converters; using BirdsiteLive.ActivityPub.Converters;
using BirdsiteLive.Common.Settings; using BirdsiteLive.Common.Settings;
@ -19,6 +20,7 @@ namespace BirdsiteLive.Controllers
private readonly ITwitterUserService _twitterUserService; private readonly ITwitterUserService _twitterUserService;
private readonly ITwitterUserDal _twitterUserDal; private readonly ITwitterUserDal _twitterUserDal;
private readonly InstanceSettings _settings; private readonly InstanceSettings _settings;
private readonly Regex _twitterAccountRegex = new Regex(@"^[a-zA-Z0-9_]+$");
#region Ctor #region Ctor
public WellKnownController(InstanceSettings settings, ITwitterUserService twitterUserService, ITwitterUserDal twitterUserDal) public WellKnownController(InstanceSettings settings, ITwitterUserService twitterUserService, ITwitterUserDal twitterUserDal)
@ -160,6 +162,11 @@ namespace BirdsiteLive.Controllers
// Ensure lowercase // Ensure lowercase
name = name.ToLowerInvariant(); name = name.ToLowerInvariant();
// Ensure valid username
// https://help.twitter.com/en/managing-your-account/twitter-username-rules
if (string.IsNullOrWhiteSpace(name) || !_twitterAccountRegex.IsMatch(name) || name.Length > 15 )
return NotFound();
if (!string.IsNullOrWhiteSpace(domain) && domain != _settings.Domain) if (!string.IsNullOrWhiteSpace(domain) && domain != _settings.Domain)
return NotFound(); return NotFound();